At my company, we tag each CVS module and we use those tags to build releases. That way, we know exactly which code versions each deployment has. Also, developers can check in code at any point while controlling when they release it.

Branches are a major headache, which I avoid whenever possible. You have to worry about maintaining and testing each branch, along with merging changes. I prefer to release the latest and greatest code to each customer. If different customers require different behavior, if statements and configuration files are a lot better than CVS branches.

Branches do make sense if you want to release a minor change to an old release, but upgrading the entire code base is risky. However, high-quality code and testing should reduce that risk.

Ten Immutable Laws of SecurityLaw #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymoreLaw #2: If a bad guy can alter the operating system on your computer, it's not your computer anymoreLaw #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymoreLaw #4: If you allow a bad guy to upload programs to your website, it's not your website any moreLaw #5: Weak passwords trump strong securityLaw #6: A computer is only as secure as the administrator is trustworthyLaw #7: Encrypted data is only as secure as the decryption keyLaw #8: An out of date virus scanner is only marginally better than no virus scanner at allLaw #9: Absolute anonymity isn't practical, in real life or on the WebLaw #10: Technology is not a panacea

Getting rid of util class1) If the family of methods uses different parameters, depending on optional input or representations of the same input, then consider transforming the Helper via a fluent interface using the Builder pattern: from a collection of static methods like Helper.calculate(x), calculate(x, y), calculate(x, z), calculate(y, z) we could easily get to something like newBuilder().with(x).with(y).calculate(). The helper class would then offer behaviours, reduce its list of business methods and provide more flexibility for future extensions. Callers would then use it as internal field for reuse or instantiate it where needed. The helper class (as we knew it) disappeared.2) If the helper class provides methods which are actually actions for different inputs (but, at this point, for the same domain), consider applying the Command pattern: the caller will actually create the required command (which will handle the necessary input and offer a behaviour) and an invoker will execute it within a certain context. You may get a command implementation for each static method and your code would move from an Helper.calculate(x, y), calculate(z) to something like invoker.calculate(new Action(x, y)). Bye bye helper class.3) If the helper class provides methods for the same input but different logics, consider applying the Strategy pattern: each static method may easily become a strategy implementation, vanishing the need of its original helper class (replaced by a context component then).4) If the given set of static methods concerns a certain class hierarchy or a defined collection of components, then consider applying the Visitor pattern: you may get several visitor implementations providing different visit methods which would probably replace partially or entirely the previously existing static methods.5) If none of the above cases met your criteria, then apply the three most important indicators: your experience, your competences in the given project and common sense.